Two and a half years ago, we wrote about former Reuters editor Matthew Keys being indicted based on charges that he'd shared the login information for the content management system to his former employer, the Tribune Company, in an online forum and then encouraged members of Anonymous in that forum to mess things up. Some people used that access to change a story on the LA Times website. Keys insists that he didn't do this and the feds have no direct evidence linking him to whoever leaked the login (he also claims at the time of the leak he no longer had access to the Tribune Company's systems).
As we noted at the time, if we accept the DOJ's version of what happened, what Keys did definitely was the wrong thing to do. But the result was little more than annoying vandalism -- and nothing Keys did should qualify as "criminal hacking." The changes to the LA Times were up for less than an hour and quickly reverted. There was little evidence that it created any real damage, and certainly no lasting damage. And yet, because this is a "computer crime," the feds came down on Keys as if he was part of some massive criminal conspiracy. In order to use the already problematic CFAA, it needed to show more than $5,000 worth of damage, which is crazy. Even crazier... is that the feds argued $929,977 worth of damage, based on some ridiculously exaggerated estimates of the amount of time people had to work on this issue.
And now a jury has convicted Keys on all three counts. Sentencing will be in January, and while lots of people are throwing around the statutory maximum of 25 years in jail, prosecutors have said they'll likely ask for "less than 5 years" according to Motherboard's Sarah Jeong, who was at the courthouse.
I think it's clear that Keys was in the wrong in handing out the login to the Tribune's systems, if he actually did it. But should that equate to criminal hacking charges and jailtime, because it resulted in a bit of online vandalism and some annoyance for a sys admin somewhere? That seems doubtful. As Keys himself points out in a pinned tweet in his Twitter feed, if sharing logins is a criminal act, all of you who share your HBO Go or Netflix logins may want to be careful.
The problem, once again, comes back to the ridiculous CFAA and the bogeyman of "computer hackers." It was wrong to give out the login, but the idea that it did even $5,000 in damage (as required by the CFAA), let alone nearly a million in damages, is ludicrous. It's even more ludicrous that this should be a criminal offense with any jailtime at stake. Go after him in a civil case for actual damages (of which there would be very little) and move on. Keys, for his part, has said the verdict is "bullshit" and he's planning to appeal.
It's way past time that we fixed the CFAA, and the Matthew Keys verdict is just yet another reminder that Congress needs to do something.
from the La-Cosa-Nostra:-Large-Appliance-Division dept
We're used to corporate battles over product placement, intellectual property and market share, but they usually take the form of courtroom disputes, targeted advertising and bland mission statements. But two major consumer electronics companies' recent fight has not only found its way into a courtroom, but also involves the alleged deployment of Mafia-esque tactics.
Last fall, Samsung placed some of its washing machines in a German shopping mall as a teaser/advertisement for its appearance at an upcoming trade show. That's when things turned surprisingly unprofessional.
LG, of course, has denied this. It doesn't deny the fact that it sent a small team of executives to the mall to check out the competition. It also doesn't deny that its execs did a little stress testing of the washing machine's door, something that was captured by the mall's security cameras. (See video below.)
Samsung claims LG's personnel "broke" the washing machine door deliberately in order to sabotage Samsung's reputation ahead of the upcoming show. LG claims that if the door was indeed broken by its employees' downward shoves, it's only because Samsung's washer doors are crap.
This dispute eventually made its way from mall display to the Korean courts. LG tried to head off Samsung's lawsuit by offering to purchase the washing machines (which retail for more than $2700 a piece). Samsung replied with a curt "Thanks, but see you in court."
The end result? An indictment of the executives involved in last year's Man vs. Competitor's Machine shoving match.
A top LG Electronics Inc. executive has been indicted by Seoul prosecutors for allegedly vandalizing several high-end washing machines manufactured by rival Samsung Electronics Co.
An LG Electronics spokeswoman said Sunday that Jo Seong-jin, head of the company’s home-appliance division, has been indicted on charges of deliberately damaging four Samsung “Crystal Blue” washing machines ahead of a trade show in Germany last September. Mr. Jo has also been charged with defamation and obstruction of business, she said.
Two other company executives have been indicted on similar charges over the same incident, the spokeswoman said.
LG had countersued for defamation and evidence tampering (it claims Samsung accessed the washing machines during their trip back from Berlin to be presented in court), but that will no longer move forward as a result of this court decision.
LG is now fighting back via its own corporate channel. It uploaded a video containing the questionable "examination" performed at the German shopping center, along with comparative demonstrations of everyday usage that supposedly exert as much strain on washing machine doors as Mr. Jo did. For reasons only known to LG, the video contains the sort of electronic library music more suited for painfully boring 5th period educational films than corporate exculpatory efforts… so heads up on that.
Fighting for a larger share of a $400 billion market is never going to be pretty, but until now, these companies have managed to keep these efforts hidden from the public. Sabotaging a competitor is generally the sort of thing done in secrecy, behind closed boardroom doors, rather than in full view of the general public and Samsung employees. Maybe the market is too large to keep the gloves on and the cutthroat tactics obscured. Any portion of $400 billion is a whole lot of money and the potential gain of a few points in market share could be tantalizing enough to persuade large companies to put their reputation on the line with the open appearance of mob-level impropriety. ("Nice washing machine you got here. Be a shame if the door didn't close properly.")
Money -- especially that much money -- does strange things to normally logical people. In the underrated Way of the Gun, when a long-time criminal is asked why he would do something terrible for a motivator as supposedly weak as "just money," he responds:
Not money, 15 million dollars. Fifteen million dollars is not money, it's a motive with a universal adaptor on it.
What's a few $2700 washers (and a few indictments) in a $400 billion market? Not enough to be of consequence and certainly not enough of a deterrent to head off future brute force attacks on competitors. I, for one, welcome our corporate giants' embrace of low-level thuggery, which is more interesting and more relatable than a string of noncommittal and obfuscatory sentences hidden in the back pages of quarterly SEC filings. I'm looking forward to a world where demographic groups are captured not via Super Bowl ads and targeted marketing, but by competitors tripping "check engine" lights in competitors' showroom vehicles or pinstriped execs hacking the home screen of the latest connected home thingie to display nothing but a steady stream of porn shots.
This is the future we consumers deserve. Too many products fail to excite buyers, what with a preponderance of me-too styling and features. If the products don't move us, maybe the companies themselves will. It's time to be wowed by the gutsiest display of executive-level disregard for corporate propriety. We need our business leaders to step up and vow to be the next Suge Knight or Broad Street Bullies of their respective fields. Even if LG's execs didn't actually break Samsung's washer doors, they should be commended for their willingness to stroll into a public place and give every appearance that they were doing exactlythat.
According to a federal indictment first obtained by the Huffington Post, Keys used a chat site to pass information to Anonymous. Using the name AESCracked, Keys handed over the login credentials and told hackers to "go fuck some shit up", the indictment says.
The hacker accessed at least one Los Angeles Times story and altered it, the charges say.
On the one hand, when compared what happened with Aaron Swartz, this is a step in the right direction. We're not talking about someone with positive intentions who walked the line between hacking and innovation, but someone who acted with obvious malice. But on the other hand, this highlights the big problem with federal hacking laws. The damage amounted to little more than inconvenience for a system administrator, making this essentially a case of small-scale vandalism—but because it involves computers, it's elevated to a federal crime. This really makes no sense. Computers and the internet are present in every part of life today, and computer crime can happen at every scale. In this case, it was the sort of reckless but small act of spite that would result in a much less serious punishment if it didn't happen online, and if it didn't allow the government to place Anonymous in the villain role of another story.
The case against Keys looks strong, and I'm guessing it will end with some sort of deal for a lesser punishment—possibly in exchange for information about other hackers. The real penalty will be the damage done to his career by this breach of trust (which further highlights the pointlessness of trying to put him in jail), but the biggest takeaway is that federal computer crime laws are in serious need of reform. Elevating the severity of simple crimes because they involve what is now one of the most common tools in the world is a senseless imbalance of justice, and makes it much harder to identify and combat serious crime online.
A few weeks ago, we wrote about how the octogenarian woman in Spain, who tried (and... failed...) to "restore" a 19th-century fresco, and then tried to claim copyright on her work and demanded a cut of the church's collection box, since the fresco was suddenly drawing many new visitors. Perhaps this "but I improved it" defense of defacing artwork is becoming more common. Apparently, a prankster, who claims to be pushing his own art movement, defaced a multi-million dollar Mark Rothko painting hanging at the Tate Modern gallery... and when tracked down by a reporter from The Guardian, defended his actions by claiming he had improved the value of the painting:
"I believe that if someone restores the [Rothko] piece and removes my signature the value of the piece would be lower but after a few years the value will go higher because of what I did," he said, comparing himself to Marcel Duchamp, the French artist who shocked the art establishment when he signed a urinal and put it on display in 1917.
"I was expecting that the security at Tate Modern would take me straight away, because I was there and I signed the picture in front of a lot of people. There is video and cameras and everything, so I was shocked."
"I didn't destroy the picture. I did not steal anything. There was a lot of stuff like this before. Marcel Duchamp signed things that were not made by him, or even Damien Hirst."
He basically signed his name to the photo and added "a potential piece of yellowism" which appears to be some sort of inane attempt at creating an art movement that nobody knows about.
We are, of course, big fans of remix culture and the ability to build on the works of others -- but part of the reason why we like such things is that it can be done without doing anything to the original. Flat out defacing another's work is not a remix or a mashup. It's just vandalism.
Late last week, a story broke about how a Google contractor was apparently scraping info from a Kenyan crowd-sourced phone directory, Mocality, and then calling businesses pretending that there was a joint Google-Mocality venture for which businesses had to pay. Google responded that it was "mortified" by these actions, and are investigating them. However, ReadWriteWeb, is now reporting that the very same contractor has now been called out for vandalizing Open Street Maps, the more open alternative to Google Maps that has been getting a lot more attention lately. It appears the vandalism was deliberate, doing things that are hard to spot -- like reversing the direction on one-way streets.
Of course, Open Street Maps, like Wikipedia, is open to vandalism. That's just the nature of the game. But the fact that it was a Google contractor doing this looks especially bad, given the somewhat competitive nature of the products. As a company gets larger, there are certainly bad seeds who are going to get hired, but these two stories clearly make Google look pretty bad. It's so bad, it almost makes you wonder if that was the intention of whoever was doing it.